DOD to allocate its IPv6 addresses

SUPPORT: 'We have a good case for v6. We need it for ad hoc networking and mobility,' says DOD's Kris Strance.

Charles Csavossy

The Defense Department has acquired a block of 247 billion IP Version 6 addresses, about equal to 25 percent of the entire IPv4 address space.

Only a tiny percentage of those addresses will be used, however. As with the North American Numbering Plan for telephone numbers, DOD officials said addresses will be assigned to networks in a hierarchical model that will leave many untouched.

The huge address block also will help DOD's network performance and scalability, said Kris Strance, lead manager for DOD's transition to IPv6.

'An IPv6 address plan also provides more addresses than are immediately needed and holds additional addresses in reserve to allow for growth without force reallocation or additional noncontiguous allocations,' Strance said.

Strance added that the plan likely will use as little as 1 percent of the addresses allotted to DOD.

For this collection of addresses, which in IP talk is known as a /16 (pronounced 'slash 16'), DOD will pay a paltry $36,000 a year, and will start assigning them to the military services and agencies over the next two months, Strance said.

'We will be analyzing the requirements from the services and agencies to get the initial block of addresses,' Strance said. 'We will work with them to allocate the addresses based on their specific requirements.'

A /16 block is what was referred to as a Class B network under IPv4. The IPv6 address space has room for up to about 3.5 million /16 networks with no more than about 14 million hosts per network.

DOD is not the first agency to receive its IPv6 addresses from the American Registry for Internet Numbers (ARIN) of Chantilly, Va.

'When an existing customer has an IPv4 agreement, all they have to do is request v6 addresses and pay for the service,' said Stephen Ryan, ARIN's general counsel and an attorney with the Washington law firm of McDermott, Will and Emery. 'There is no need for a new agreement.'

ARIN has existing agreements to provide IPv4 addresses with a number of other agencies, including the Commerce Department, Ryan said.

He added that ARIN recently signed an agreement with the State Department.

ARIN's rates for IPv6 addresses are based on the size of the block. Its Web site lists costs for a micro allocation, known as /41 or /48 address blocks, at about $1,250 a year, up to what DOD is paying ($36,000 annually) for a /21 or greater allocation, such as DOD's /16.

'When people pay for this, they are paying for a service,' Ryan said. 'DOD or anyone else will not own the numbers, but have the right to use them as long as the contract remains in force and the department needs them.'

DOD received authorization to begin assigning IPv6 addresses for closed networks, known as enclave-to-enclave, and multidomain or cross-domain networks, Strance said. The department outlined its plans in an IPv6 Strategy sent to Congress last year.

'We anticipate initially we will have pilots to roll out the protocol in a structured way to best mitigate all the risks to the operational user,' said Tom McCrickard, chief of DOD's IPv6 transition office. 'We know entities are taking advantage of the opportunity to do enclave-to-enclave testing, but we are not sure how many.'

Another DOD milestone, scheduled for July 2008, is for enterprise authorization to use IPv6 on its Non-Classified IP Router Network (NIPRnet). Strance said that is how DOD will meet the Office of Management and Budget's deadline to move backbone networks to IPv6 by June 2008. DOD has been planning to move to IPv6 since 2003, well before the OMB mandate.

He added that DOD will move the classified Secret IP Router Network (SIPRNet) for sensitive data to the protocol by 2010, when 'high-value IPv6 encryptors are available.'

Strance said most of the work to move the core network to v6 will be done at the transport layer.

'It is not so hard to do that; you just have to buy a router with sufficient memory to handle v6 and v4 packets,' Strance said. 'What gets harder is applications. If you have to do reprogramming of applications, that is more complex. Our strategy is to deal with the core networks where you start and move to the edge and, when folks have requirements for v6, they can come to the edge with whatever app they need it for.'